The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248
Reference (s):
- APPLE:APPLE-SA-2015-09-16-2
- URL: http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
- BID:74260
- URL: http://www.securityfocus.com/bid/74260
- http://subversion.apache.org/security/CVE-2015-0248-advisory.txt